Date: 2020-11-20

Drupal has released security updates to patch flaws in its platform and to deal with attacks that abuse files with double extensions.

By way of background, an extension is a “suffix located at the end of the name of a computer file”. It distinguishes one kind of content from another and determines the type of file to be executed by our computers. Extensions are generally 3 to 4 characters long and are preceded by a period. For example, in image.jpg, the word before the “.” is the name of the file and “jpg” is the file extension.

With that clarified, we continue. Cybercriminals use tricks to take advantage of vulnerabilities in our computers, disguise files with this type of extension, and compromise our machines for different purposes, all of which end up harming us.

The Drupal team has called this vulnerability “dangerous”, and has urged other content management system (CMS) sites to take the same action.

Let’s remember that this is not the first time that Drupal has presented vulnerabilities on its platform. About two years ago, hackers took advantage of a website glitch to mine cryptocurrencies from their users’ computers.

Remote code execution CVE-2020-13671

CVE-2020-13671 is the ID of the vulnerability found by the company, which describes it as sensitive. On the Drupal website, the team recommends auditing “all previously uploaded files for malicious extensions.” It emphasizes that we should focus on files with more than one extension, and it lists the following as focal points:

phar

php

pl

py

cgi

asp

js

html

htm

phtml

Although this is the list shown on the Drupal website, it is not exhaustive: the platform suggests evaluating other extensions that are not listed on a “case by case” basis.
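
The audit recommended above, as an added example (not code from Drupal or from this article): a Python script that walks a directory of uploaded files and reports every name with more than one extension where any of them is in the list above. The directory argument, the function names and the sample file names are assumptions made for illustration.

```python
import os
import sys
import tempfile

# Extensions the article lists as focal points; extend it case by case.
RISKY = {"phar", "php", "pl", "py", "cgi", "asp", "js", "html", "htm", "phtml"}

def risky_extensions(filename, risky=RISKY):
    """Return the listed extensions found in a name with more than one extension."""
    # Leading dots are stripped so a dotfile such as ".htaccess" has no extension.
    parts = filename.lstrip(".").split(".")
    # Compare in lower case so "PHTML" and "phtml" are treated alike.
    exts = [p.lower() for p in parts[1:] if p]
    if len(exts) < 2:
        return []  # single-extension names are outside this check
    return [e for e in exts if e in risky]

def audit(root, risky=RISKY):
    """Walk root and return sorted (relative_path, matched_extensions) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hits = risky_extensions(name, risky)
            if hits:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, hits))
    return sorted(findings)

def demo():
    """Run the audit over a constructed sample tree (file names are made up)."""
    sample = ["photo.jpg", "report.final.pdf", "avatar.php.png", "index.php",
              "notes.PHTML.txt", "sub/archive.tar.gz", "sub/page.html.bak"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit(root)

if __name__ == "__main__":
    # Pass the uploads directory as the first argument; with none, run the demo.
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, hits in results:
        print(f"{path}\t{','.join(hits)}")
```

Each reported file still needs manual review: a name such as page.html.bak may be harmless, while a listed extension in a non-final position is the pattern the audit is looking for.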

If you are a Drupal user, you should install the recent update released by the company. Depending on your case, this updates your platform to Drupal 9.0.8, Drupal 8.9.9, Drupal 8.8.11 or Drupal 7.74.

